Privacy Policy

Effective Date: 05/03/2025

‍Lewis & Grey Pty Ltd ("Lewis & Grey", "we", "us", or "our") is committed to protecting your personal information. We operate under the laws of New South Wales (NSW), Australia, and comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy outlines how we collect, use, disclose, and manage your personal information in the course of our public relations (PR) services and sales and marketing activities. It also explains your rights regarding your personal data. We may update this policy from time to time to reflect changes in law or our business practices. Any updates will be posted on our website and will be effective when published.

1. Types of Personal Information Collected
We only collect personal information that is reasonably necessary for our business functions and activities. The types of personal information Lewis & Grey may collect include:
‍Contact Information: Your name, email address, telephone number, and postal or business address.
‍Professional Details: Your job title or role and the organization you represent (if you are engaging with us on behalf of a company).
‍Communications: Information you provide in communications with us (e.g., via email inquiries, phone calls, or contact forms).
‍Other Details: Any other personal details you choose to provide to us in the course of our dealings, such as feedback or preferences related to our services.

We do not collect any sensitive personal information (such as health, racial or ethnic origin, political opinions, etc.) unless it is necessary and you have expressly given consent or it is required by law.
‍
2. Purpose of Data Collection
‍Lewis & Grey collects and uses personal information primarily for sales and marketing activities and to deliver our PR services. The purposes for which we collect your personal information include:
‍Providing and Promoting Services: To communicate with you about our PR services, respond to inquiries, and deliver the services you have requested. We use your contact details to send you information about our offerings, industry updates, events, or newsletters that may be relevant to you.
‍Sales and Marketing: To engage in direct marketing communications and campaigns, such as informing you of new services, special offers, or other information that we believe will interest you. We only send you marketing emails or messages in accordance with applicable laws (such as the Spam Act 2003 (Cth)), and you can opt out at any time (see User Rights below).
‍Client Relationship Management: To maintain and manage our relationship with you or your organization, including keeping records of communications and interactions, and improving our services based on feedback.
‍Business Operations: To support our internal operations, such as record-keeping, billing and invoicing, project management, and administrative purposes related to our PR business.
‍Legal Compliance: To comply with any legal obligations or regulatory requirements (for example, responding to a lawful request for information or ensuring compliance with the Privacy Act and other laws).We will only use the personal information for the purposes above or for closely related secondary purposes that you would reasonably expect, or otherwise with your consent.
‍
3. Data Sharing (Disclosure of Personal Information to Third Parties)
‍Lewis & Grey respects the privacy of your personal information and will only disclose it to third parties in limited circumstances, as outlined below. We do not sell or rent your personal information to third-party marketers. However, we may share your information with:
‍Service Providers and Business Partners: We may disclose personal information to third-party service providers who assist us in conducting our business. This includes, for example, technology and IT support providers, cloud storage or email service providers, marketing or analytics service companies, and other professionals who help us deliver our services or administer our operations. These third parties will be provided only the information necessary to perform their specific function and are expected to handle your data securely and in accordance with applicable privacy laws.
‍Related Entities: We may share information with our related companies or affiliates (if any) for purposes consistent with this Privacy Policy, such as internal administration or to facilitate services you’ve requested.
‍Legal Requirements and Protection: We may disclose personal information if required by law, regulation, or court order. For example, we might need to provide information to government agencies for compliance purposes. We may also disclose information in good faith if it is reasonably necessary to enforce our contracts or policies, to investigate or protect against suspected illegal activities, fraud, or security issues, or to protect the rights, property, or safety of Lewis & Grey, our clients, or the public.
‍Consent: If you have expressly consented to a particular disclosure, we will share your information according to that consent. For instance, if you ask us to introduce you to a partner firm or to publish a testimonial with your name, we will do so only with your permission.
When we disclose personal information to third parties, we take reasonable steps to ensure those third parties are bound to uphold standards of privacy and confidentiality in line with this Privacy Policy and the Australian Privacy Principles. We require that they only use the information for the purposes we have permitted and that they protect the information to at least the same standard we do.

4. Cookies and Analytics
Our website uses cookies and similar tracking technologies to enhance user experience and collect information about how visitors use our site. This section explains how we use these tools:
‍Cookies: A cookie is a small text file that our site may place on your computer or device when you visit. Cookies serve several functions, such as remembering your preferences and settings, improving website functionality, and enabling us to provide a more personalized experience. For example, cookies can help us recognize your browser when you return to our site, or they can store preference information (like language selection). The cookies we use do not personally identify you; they simply associate your browser or device with certain usage patterns or information. You can configure your web browser to refuse cookies or to alert you when cookies are being used. However, please note that if you disable cookies, some features of our website may not function properly.
‍Analytics: We use third-party analytics tools (such as Google Analytics or similar services) to collect standard internet log information and details of visitor behavior patterns. These tools use cookies and other identifiers to help analyze how users interact with our website – for example, which pages are visited, how long users stay, and how they navigated to our site. The information gathered is generally transmitted and stored in an aggregated form, meaning it does not directly identify individual users. We use this analytics data to improve our website’s content and performance, better understand our audience interests, and tailor our marketing efforts.
‍Usage Data Collected: Through cookies and analytics, we may automatically collect certain information when you visit our site, including: your device’s IP address, browser type, operating system, referring URLs, pages viewed, links clicked, and the date/time of your visit. This data helps us monitor website traffic and user behavior on an anonymized basis.
‍Consent to Cookies: By using our website, you consent to our use of cookies and analytics as described in this policy. On your first visit to our site, you may see a notification about our use of cookies; by continuing to browse or by dismissing that notice, you indicate your agreement. If you prefer not to accept cookies, adjust your browser settings accordingly.
We do not use cookies to obtain personal information from your computer that you did not intentionally provide to us. Any third-party analytics service providers we use will only collect and use information as per their own privacy policies. We recommend you review those providers’ privacy policies for more details (for example, Google’s Privacy Policy for Google Analytics).

5. Data Storage and Security
‍Lewis & Grey takes reasonable steps to protect the personal information we hold from misuse, interference, loss, and unauthorized access, modification, or disclosure. All personal information we collect is stored on secure servers or systems located in Australia, and access to this data is restricted to personnel who need it for the purposes described in this policy. We acknowledge that the internet is an inherently insecure medium, and no method of transmitting or storing data is completely secure.
‍General Security Practices: We rely on standard security measures provided by our IT infrastructure and service providers. This includes using secure (HTTPS) connections for our website, maintaining up-to-date software and antivirus protections, and restricting internal access to personal information on a need-to-know basis. Physical records (if any) containing personal information are stored in secure locations accessible only to authorized staff.
‍No Guarantee of Absolute Security: While we strive to protect your personal information, we cannot guarantee absolute security. You transmit information to us at your own risk. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you have with us has been compromised), please immediately notify us (see Contact Us section below).
‍Data Retention and Disposal: We will retain your personal information only for as long as it is needed to fulfill the purposes for which it was collected (or as required by law). When we no longer require your personal information for our business purposes or legal obligations, we will take reasonable steps to destroy or de-identify the information in a secure manner. This could include permanently deleting electronic records and shredding or securely disposing of physical documents.
Even though we currently lack specialized security measures, we remain committed to reviewing and improving our data security practices. Any significant enhancements or changes to our security approach will be reflected in an updated version of this Privacy Policy.

6. User Rights (Access, Correction, and Deletion of Personal Information)We respect your rights to control your personal information. Under the Australian Privacy Act and Principles, as well as our internal policies, you have certain rights regarding the personal data we hold about you:
‍Access: You have the right to request access to the personal information Lewis & Grey holds about you. Upon your request, and after verifying your identity, we will inform you what personal data we have collected, for what purposes, and how it has been used or disclosed, subject to any exemptions under the law. We will provide the information in a suitable format (usually electronic or hard copy) within a reasonable time. Please note that in some circumstances, we may lawfully refuse access. For example, we might decline access if providing it would unreasonably impact someone else’s privacy, or if it would violate attorney-client privilege or other legal obligations. If we refuse your access request, we will provide you with written reasons for the refusal, as well as information on how you can complain about the decision.
‍Correction: If you believe that any personal information we hold about you is inaccurate, out-of-date, incomplete, or misleading, you have the right to request that we correct the information. We encourage you to contact us if your details change or if you find any inaccuracies in our records. We will take reasonable steps to amend your records promptly. If we do not agree that the information needs correction (for instance, if we believe it is accurate and up-to-date), we will let you know our reasons and provide options available to you to contest that decision (such as adding a statement to your file noting your contrary view).
‍Deletion (Right to Erasure): You may request that we delete your personal information. This is sometimes referred to as the "right to be forgotten." Upon such a request, we will take reasonable steps to erase your personal data from our records, provided that the information is not required to be retained by us for legal, auditing, or internal business purposes. For example, if you withdraw your consent for us to hold your contact details for marketing, we will remove your details from our marketing mailing lists. Please understand that absolute deletion may not be possible in all circumstances (for example, information stored in routine computer backups or information we must keep to comply with law or resolve disputes), but we will endeavor to honor your deletion request to the fullest extent practicable.
‍Opt-Out of Marketing: If you no longer wish to receive marketing or promotional communications from us, you have the right to opt out. You can do this by using the "unsubscribe" link in our email communications or by contacting us directly with a request to be removed from our mailing list. We will process your opt-out request as soon as possible. Opting out of marketing messages will not affect our communications with you for non-marketing purposes (for example, responses to inquiries or information about services you are currently using).
‍Anonymity and Pseudonymity: Where practicable, you have the option to interact with us anonymously or using a pseudonym (for example, when making general inquiries). However, for most of our services and engagements, we usually need at least some basic personal details (like your name and contact information) to be able to effectively communicate and provide our services. If you prefer not to provide personal information, we will inform you if that impacts our ability to assist you.
‍Exercising Your Rights: To exercise any of the above rights, please contact us using the details in the Contact Us section below. We may require you to verify your identity before actioning requests (this is to ensure we do not inadvertently modify or disclose someone else’s personal information). We will not charge you for making an access or correction request, but in rare cases we may charge a reasonable administrative fee if a request is particularly complex or resource-intensive (we will advise you of any fee in advance). We aim to respond to all legitimate requests within a reasonable timeframe, typically within 30 days. If we need more time, we will let you know the reason and an expected timeline.

7. International Data Transfers
‍Lewis & Grey is based in Australia and conducts its operations within Australia. We understand the importance of controlling where personal information is sent. In line with Australian Privacy Principle 8 (Cross-border disclosure of personal information) and our commitment to your privacy, we confirm the following:
‍No Overseas Transfers: We do not transfer, disclose, or process your personal information outside of Australia. All the personal data we collect is stored on servers and systems located in Australia, and our third-party service providers (if any) are also based in Australia. This means your data remains subject to Australian privacy laws and protections at all times.
‍Future Changes: If in the future it becomes necessary for us to transfer your personal information to a service provider or entity outside Australia (for example, if we adopt a cloud service with overseas servers or engage an international partner), we will do so only in compliance with the requirements of the Privacy Act. This includes ensuring either that the destination country has substantially similar privacy protections, or obtaining your consent, or making sure the third party undertakes to protect the information in accordance with the APPs. We will update this Privacy Policy to reflect any such changes before any overseas transfer takes place, and will clearly inform you of any new locations or recipients of your data.
‍No International Processing: Aside from storage and handling, we also do not engage in any processing of your data (such as analytics or profiling) in jurisdictions outside Australia. All analysis and use of your personal information by Lewis & Grey occurs within Australia.
By keeping data onshore, we aim to minimize the risks associated with international data transfers and ensure your personal information receives the strong legal protections afforded under Australian law.

8. Updates to This Privacy Policy
We may review and update this Privacy Policy from time to time to reflect changes in our practices, operations, or legal obligations. Updated versions of the policy will be posted on our website with a revised "Effective Date" at the top. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.
If we make significant changes to this Policy (especially changes that affect the purposes for which we collect, use, or disclose your personal information), we will take reasonable steps to notify you – for example, by posting a notice on our website or contacting you via email if we have your contact details. By continuing to use our services or website after any changes come into effect, you will be deemed to have accepted the updated Privacy Policy.

9. Contact Us
If you have any questions, concerns, or complaints regarding this Privacy Policy or how we handle your personal information, please contact us using the details below. We take privacy inquiries seriously and will respond as soon as reasonably possible.

Michael@lewisandgrey.com